We worked on it for the past 5 months, with me quitting my job at Apple to work on this full time, so it has been quite the journey!
All the voice notes and locations are anonymized: the database holding the userId and email is kept separate from the anonymized ID that the voice and location data are linked to.
Specifically, I use AWS Cognito for the email addresses, and DynamoDB to map each anonymized ID to its voice notes and location data.
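Roughly, the split looks like this — a minimal sketch with in-memory dicts standing in for the Cognito user pool and the DynamoDB table (all names are illustrative, not the app's actual schema):

```python
import uuid

# Stand-in for the Cognito user pool: real identity lives only here.
identity_store = {}   # userId -> {"email": ...}

# Stand-in for the DynamoDB table: keyed by the anonymized ID only.
data_store = {}       # anonId -> {"notes": [...], "locations": [...]}

def register(user_id, email):
    identity_store[user_id] = {"email": email}
    # Random anonymized ID; nothing about it is derived from userId or email.
    anon_id = str(uuid.uuid4())
    data_store[anon_id] = {"notes": [], "locations": []}
    return anon_id  # held client-side, never stored next to the email

def add_note(anon_id, note, location):
    data_store[anon_id]["notes"].append(note)
    data_store[anon_id]["locations"].append(location)

anon = register("u-123", "alice@example.com")
add_note(anon, "voice-note.ogg", (52.37, 4.90))
# The data store contains no email or userId anywhere.
assert "alice@example.com" not in str(data_store)
```

The key property is that the anonymized ID is random rather than derived from the user record, so the data store alone cannot be walked back to an identity.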
If you have a better suggestion, please let me know!
If these two are linkable, which they likely are if users can delete their data, the notes and location are pseudonymised instead of anonymised. They could be anonymous to other users (that don’t have access to the other database), but they are pseudonymous to you.
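To make the distinction concrete: if any mapping between userId and anonymized ID exists (even one kept only so users can delete their data), whoever holds both stores can re-identify the records in a single lookup. A hypothetical sketch:

```python
# Hypothetical stores; the id_map is what makes the data pseudonymous.
identity_store = {"u-123": {"email": "alice@example.com"}}
id_map = {"u-123": "7f3a"}             # kept so the user can delete their data
data_store = {"7f3a": ["note-1.ogg"]}

# Other users, who lack id_map, see only "7f3a": anonymous *to them*.
# The operator, holding id_map, can re-link in one step:
anon_id = id_map["u-123"]
reidentified = (identity_store["u-123"]["email"], data_store[anon_id])
assert reidentified == ("alice@example.com", ["note-1.ogg"])
```

True anonymization would require that no such join is possible for anyone, including the operator.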
- Stripping data of any direct identifiers, such as user ID or name, before collection.
- Manipulating data to break the linkage and prevent re-linkage to real-world identities.
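The first point — stripping direct identifiers before collection — might look like this (field names are illustrative):

```python
import uuid

DIRECT_IDENTIFIERS = {"userId", "name", "email"}

def strip_direct_identifiers(record):
    """Drop direct identifiers and key the record by a fresh random ID."""
    cleaned = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    return str(uuid.uuid4()), cleaned

anon_id, cleaned = strip_direct_identifiers(
    {"userId": "u-123", "email": "a@b.c", "note": "n.ogg", "loc": (52.4, 4.9)}
)
assert set(cleaned) == {"note", "loc"}
```

The second point is harder in practice: the random ID breaks the direct linkage, but quasi-identifiers like precise locations can still enable re-linkage, which is why the follow-on restrictions below matter.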
Additionally, in order for data not to be linked to a particular user’s identity, you must avoid certain activities after collection:
- You must not attempt to link the data back to the user’s identity.
- You must not tie the data to other datasets that enable it to be linked to a particular user’s identity.
We do not attempt to link the data back to the user's identity, nor do we tie the datasets together in a way that would enable such linkage.
If you have more technical solutions or suggestions, we are all ears. Thank you very much!
Not affiliated with the app, but this is quite interesting.
You mean only the user can access their own data, i.e. the data is encrypted and the user retains the only key.
Makes me wonder: if the user loses the key (uninstalls the app, etc.), what would the recovery methods be, if any?
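One common answer is deriving the key from something the user can re-supply, such as a passphrase or recovery phrase, so a reinstall re-derives the same key. A toy sketch of the idea — the XOR keystream below is for illustration only, not a real cipher; a production app would use a vetted AEAD such as AES-GCM:

```python
import hashlib
import itertools

def derive_key(passphrase, salt=b"app-salt"):
    # Deterministic: same passphrase -> same key, even after a reinstall.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def keystream(key):
    # Hash-based keystream for the toy cipher below (demo only!).
    for counter in itertools.count():
        yield from hashlib.sha256(key + counter.to_bytes(8, "big")).digest()

def xor_crypt(key, data):
    # XOR is its own inverse, so this both encrypts and decrypts.
    return bytes(b ^ k for b, k in zip(data, keystream(key)))

ct = xor_crypt(derive_key("correct horse"), b"voice note")
# Reinstall: the user re-enters the passphrase, re-derives the key, decrypts.
assert xor_crypt(derive_key("correct horse"), ct) == b"voice note"
# The server, which never sees the passphrase, cannot recover the plaintext.
assert xor_crypt(derive_key("wrong guess"), ct) != b"voice note"
```

The trade-off is that forgetting the passphrase really does mean losing the data, unless the app adds an escrow mechanism, which reintroduces a party who can decrypt.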
How do you ensure user privacy? If someone accessed your data could they link voice messages with email address?